Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

New Apple QuickTime Update Patches 12 Vulnerabilities

Apple released QuickTime 7.7.4 for Windows, which patched a handful of vulnerabilities, some which could have led to arbitrary code execution and caused the program to unexpectedly terminate.

Apple pushed out version 7.7.4 of its multimedia framework QuickTime for Windows users on Wednesday, addressing a handful of issues, some which could have led to arbitrary code execution and caused the program to unexpectedly terminate. It’s Apple’s first QuickTime update of the year and the first for Windows users since last November.

A dozen vulnerabilities were fixed – 11 of the 12 were reported by security researchers in tandem with HP’s Zero Day Initiative.

A bulk of the vulnerabilities stemmed from how the framework handled playing maliciously crafted movie and MP3 files. In some cases, vulnerabilities existed in the framework that could be exploited if someone were to open malicious QTIF files, JPEG files, FPX files or MVHD atoms – the containers QuickTime uses for movie data.

Apple improved bounds checking – the method of detecting whether a variable is within some bounds before its use – to address memory corruption issues and buffer overflows on QuickTime.

According to Apple’s Mailing Lists, who have an in-depth rundown of all the patches, the vulnerabilities affect versions of QuickTime on Windows 7, Vista, XP SP 2 and later.

The update, which can be found in the Downloads section of Apple’s site is recommended for anyone still running QuickTime 7 on Windows machines.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.